I have read the Information Commissioner’s Office guidelines for compliance with the new General Data Protection Regulation (GDPR) rules. The document that follows explains how I comply. If you have given me your email address (by emailing me, or commenting on my website, for example) you should read this to reassure yourself that I am looking after your data responsibly.

Based on the 12 steps to take in the ICO booklet, ‘Preparing for the General Data Protection Regulation – 12 Steps to Take Now’, here are my answers.

  1. Awareness

I am a sole trader so there is no one else in my organisation to make aware.

  2. The information I hold:
  • Email addresses of people who have emailed me and to whom I have replied: automatically saved in iCloud, protected by a strong password and 2-factor authentication.
  • Email addresses of readers who have commented on my website: stored on WordPress protected by a strong password.

I do not ‘process’ or share this information with anyone, except with the explicit permission of the person in question. I never aggregate or sell it.

  3. Communicating privacy information

I have a note on the Contact page of my website, with a link to this information.

  4. Individuals’ rights

On request, I will delete personal information (contact details and any other relevant information) held by me.

If someone asked to see their data, I would take a screenshot of their entry/entries.

  5. Subject access requests

I aim to respond to all requests within 48 hours.

  6. Lawful basis for processing data

I do not ‘process’ data. I hold contact details so that I can reply, and that is all.

  7. Consent

As I only reply on an individual basis to people who have contacted me, and do not use their personal details in any other way, I regard this as consent.

  8. Children

Young people sometimes email me but I do not know their age unless they tell me – and I only have their word for that. Since I am not “processing” their data, I am not required to ask for parental consent. I reply to the email and do not contact them again.

  9. Data breaches

I have done everything I can to prevent these, by strongly password-protecting my computer, WordPress and Blacknight accounts. If either of those organisations were compromised I would take steps to follow their advice immediately.

  10. Data Protection by Design and Data Protection Impact Assessments

I have familiarised myself with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and believe that I am using best practice.

  11. Data Protection Officers

As a sole trader, I do not have a DPO.

  12. International

My lead data protection supervisory authority is the UK’s ICO.

As an ex-lobbyist, I observe that authors and other sole traders with small websites could have been better represented during the drafting of the GDPR regulations, but they weren’t, so here we are. I have always tried to respect your privacy and look after your data, as I hope you would for me.
